Schema support

Hans Aschauer Hans.Aschauer at Physik.uni-muenchen.de
Fri Apr 5 15:20:28 CEST 2002 

On Thursday, 4. April 2002 23:51, Michael Ströder wrote:


> Hmm, BTW it does not clarify how a client should deal with a
> multi-valued subschemaSubentry attribute. Should schemas be used
> exclusive-or or joined. That's another interesting topic to be
> discussed in IETF ldap-bis WG.

As I understand it, this issue has been addressed in 
draft-ietf-ldapbis-protocol-02.txt:

"""
B.8 Section 3.4 
    
   - Reworded text surrounding subschemaSubentry to reflect that it is 
     a single-valued attribute that holds the schema for the root DSE. 
     Also noted that if the server masters entries that use differing 
     schema, each entry's subschemaSubentry attribute must be 
     interrogated. This may change as further fine-tuning is done to 
     the data model. 
"""


[...]

> So my conclusion is that an application should first try to query
> operational attribute subschemaSubentry for a particular entry and
> fall-back to the subschemaSubentry attribute in the root DSE to find
> out the location of sub schema sub entry in the DIT. Puh...

According to the draft, we should probably query the root DSE only if 
we are interested in the schema controlling the root DSE itself (which 
most applications are not, as I think). On the other hand, the RFC text 
is somwhat misleading (especially where it is changed by the draft), 
and I don't know how implementors of server software interpreted the 
text... 

Anyway, back to the python specific things :-)

* If we implement per-entry schema information, caching is mandatory. 
  And it can be easily done, since we we can create a mapping 
  "subschema-entry RDN" => "schema information" (by doing it this way 
  we would not need nested trees, and for servers which have only one 
  subschema entry, one saves a lot of memory).

  To be specific, for my OpenLDAP installation, this mapping would look 
  like {'cn=Subschema': <class ldap.schema.rootDSESchema at xyz>} --- 
  only one entry. Of course, the name of the class 
  ldap.schema.rootDSESchema has to be changed... How about "schema"?

* How should this cache be accessed? Logically, it belongs to the ldap 
  connection (or to the ldap server, but there is not such python 
  class, is it?). However, I don't know if it is too high-level to make 
  it an attribute of the LDAPObject class.


So long,

Hans


-- 
Hans.Aschauer at Physik.uni-muenchen.de

More information about the python-ldap mailing list